jbontech

L0 = bare metal machine
L1 = VM on bare metal
L2 = VM on VM

First, ensure virtualization is enabled on L0 as described here: https://docs.fedoraproject.org/en-US/quick-docs/using-nested-virtualization-in-kvm/#proc_enabling-nested-virtualization-in-kvm

Next, launch L1 with the following Vagrant config (or an equivalent directly on the hypervisor):

Vagrant.configure("2") do |config|
  config.vm.box = "generic/ubuntu1604"

jbontech

Dockerfile

FROM ubuntu:18.04
RUN apt-get update -y && \
    DEBIAN_FRONTEND=noninteractive apt-get install -y qemu-kvm libvirt-daemon-system libvirt-clients bridge-utils vagrant && \
    apt-get autoclean && \
    apt-get autoremove && \
    vagrant plugin install vagrant-libvirt
COPY startup.sh /
ENTRYPOINT ["/startup.sh" ]

jbontech

• Awesome Sysadmin
  • Automation
  • Backups
  • Build and software organization tools
  • ChatOps
  • Client Management
  • Cloning
  • Cloud Computing
  • Cloud Orchestration
• Cloud Storage

jbontech

Install Vagrant

sudo su
apt-get update && apt-get install -y libvirt-dev ruby-all-dev apparmor-utils
curl -O -L https://dl.bintray.com/mitchellh/vagrant/vagrant_1.6.5_x86_64.deb
dpkg -i vagrant_1.6.5_x86_64.deb 
aa-complain /usr/lib/libvirt/virt-aa-helper # workaround
exit

Install vagrant-kvm as user

jbontech

# -*- mode: ruby -*-
# vi: set ft=ruby :
#
Vagrant.configure(2) do |config|

  # This is an image of Ubuntu 14.04 LTS with libvirt support
  config.vm.box = "baremettle/ubuntu-14.04"
  config.vm.provision :shell, path: "provision.sh"

  # config.vm.synced_folder "../data", "/vagrant_data"

jbontech

Overview

This gist provides a quick overview of deploying SSL certificates to servers using Salt. I use a wildcard certificate for our domain, which makes management easier.

Quick Start

1. Start with pillar_ssl-certificate.sls, which should be populated with your certificates and placed in Salt's pillar_roots directory (typically /srv/pillar).
2. Place state_ssl-certificate.sls in Salt's file_roots directory (typically /srv/salt).
3. Include the contents of top.sls in both the pillar and state top.sls file. (Modify for your minion IDs of course.)

Details

Use pillars to distribute sensitive data, such as SSL certificates. Accoring to the [Salt Pillar Walkthrough][2]:

Information transferred via pillar is guaranteed to only be presented to the minions that are targeted, making Pillar suitable for managing security information, such as cryptographic keys and passwords.

jbontech

#!/bin/sh

# Suspend, hibernate, restart or shutdown the computer without sudo!
# by Chris Wong
# Released to the public domain.

NAME=$0

usage() {
    echo "Usage: $NAME suspend|hibernate|restart|shutdown"

jbontech

Some Jenkinsfile examples

jbontech

I use tmux splits (panes). Inside one of these panes there's a Vim process, and it has its own splits (windows).

In Vim I have key bindings C-h/j/k/l set to switch windows in the given direction. (Vim default mappings for windows switching are the same, but prefixed with C-W.) I'd like to use the same keystrokes for switching tmux panes.

An extra goal that I've solved with a dirty hack is to toggle between last active panes with C-\.

Here's how it should work:

jbontech

# /srv/salt/upgrade_the_app.sls
# Example of a complex, multi-host Orchestration state that performs status checks as it goes.
# Note, this is untested and is meant to serve as an example.
# Run via: salt-run state.orch upgrade_the_app pillar='{nodes: [nodeA, nodeB], version: 123}'

{% set nodes = salt.pillar.get('nodes', []) %}
{% set all_grains = salt.saltutil.runner('cache.grains',
    tgt=','.join(nodes), tgt_type='list') %}

{# Default version if not given at the CLI. #}